Tizi: New Android Spyware Discovered by Google

Google Play Protect, well known for its new AI-powered malware detection mechanism, recently detected an Android spyware dubbed “Tizi.”

Targeting devices in African countries, Tizi comes with fully featured Android rooting and data collection capabilities. It creates a backdoor on the affected device and sends sensitive information from social media and other applications to its command-and-control server. The malware is believed to have been present in applications since October 2015.

Here is How Tizi Works

According to Google’s online security blog post, Tizi gains root access by exploiting the following vulnerabilities:

CVE-2012-4220

CVE-2013-2596

CVE-2013-2597

CVE-2013-2595

CVE-2013-2094

CVE-2013-6282

CVE-2014-3153

CVE-2015-3636

CVE-2015-1805

Although all of these vulnerabilities were patched by the update release of the 1st quarter of 2016, Tizi will still attempt to obtain permissions from the user directly so that the app is allowed to record audio, access SMS and use the camera. You could call it stubborn spyware: once it is on a device, it makes sure it does what it was built to do. Tizi focuses mainly on users' social media data and other related data that can be misused.

Once it gains root access to the device, it connects to its command-and-control server to transfer the data it has collected from the device.

Here is what Google said: “If a Tizi app is unable to take control of a device because the vulnerabilities it tries to use are all patched, it will still attempt to perform some actions through the high level of permissions it asks the user to grant to it, mainly around reading and sending SMS messages and monitoring, redirecting, and preventing outgoing phone calls.”
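
The permission-based fallback described above can be audited from the defender's side. The following is an added example, not code from Google or from the original article: it parses `aapt dump permissions`-style output and flags an app whose requested permissions cover several of the behaviours named in the article. The sample outputs, the mapping to Android permission names and the threshold of three are assumptions of this example.

```python
import re

# Assumed mapping from the behaviours named in the article to Android
# permission names; adjust it to your own review policy.
BEHAVIOURS = {
    "read/send SMS": {"android.permission.READ_SMS",
                      "android.permission.SEND_SMS",
                      "android.permission.RECEIVE_SMS"},
    "monitor/redirect outgoing calls": {"android.permission.PROCESS_OUTGOING_CALLS"},
    "record audio": {"android.permission.RECORD_AUDIO"},
    "use camera": {"android.permission.CAMERA"},
}

# Accepts "uses-permission: name='X'" and the older bare "uses-permission: X".
PERM_RE = re.compile(r"^\s*uses-permission(?:-sdk-\d+)?:\s*(?:name=')?([\w.]+)", re.M)


def parse_permissions(aapt_output):
    """Return the set of permission names requested in the dump."""
    return set(PERM_RE.findall(aapt_output))


def audit(aapt_output, threshold=3):
    """Flag an app that requests permissions for >= threshold behaviours."""
    requested = parse_permissions(aapt_output)
    hits = {label: sorted(perms & requested)
            for label, perms in BEHAVIOURS.items() if perms & requested}
    return {"behaviours": hits, "flag": len(hits) >= threshold}


# Constructed sample dumps (hypothetical package names).
SUSPICIOUS = """package: com.example.fitness
uses-permission: name='android.permission.INTERNET'
uses-permission: name='android.permission.READ_SMS'
uses-permission: name='android.permission.SEND_SMS'
uses-permission: name='android.permission.PROCESS_OUTGOING_CALLS'
uses-permission: name='android.permission.RECORD_AUDIO'
uses-permission: android.permission.CAMERA
"""
BENIGN = """package: com.example.torch
uses-permission: name='android.permission.CAMERA'
uses-permission: name='android.permission.FLASHLIGHT' maxSdkVersion='22'
"""

if __name__ == "__main__":
    for name, sample in (("suspicious", SUSPICIOUS), ("benign", BENIGN)):
        print(name, audit(sample))
```

A flag here is a prompt for manual review, not a verdict: legitimate messaging and dialer apps request the same permissions.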